Subject Re: [Firebird-Architect] External engines - security
Author Adriano dos Santos Fernandes
Roman Rokytskyy escreveu:
>>>> Sorry, but I'm not understand your question about J2SE security and
>>>> fbserver.exe.
>>>>
>>>>
>>> Can one tune J2SE security on per-process basis ? I.e. - allow some process
>>> to do something (load java class and run it, for example). Or how it is worked ?
>>>
>> Yes, each process loads one JVM and AFAIK, each ClassLoader (one for
>> each DB user) can also have different security policies.
>>
>
> Why do we need classloader-per-user scenario? In what case we give an
> execute permission to some particular procedure to a particular role but
> you wich to apply some particular security policy on the code you
> execute on behalf of that user? Why GRANTs and policy-per-database is
> not enough?
I was talking about user that *created* the procedure, but I should
think more on this before a conclusion.

I was based in Oracle that USER = SCHEMA.

For FB, what we will really need is this (one classloader per schema,
since same class name may exist in different schemas), when we have schemas.


Adriano